Date: Fri, 14 Dec 2007 10:37:10 -0600
From: "W. D."
To: samba@lists.samba.org
Cc: Remko Lodder , Timur@FreeBSD.org, FreeBSD-Questions@FreeBSD.org
Subject: Re: Yikes! FreeBSD samba-3.0.26a_2,1 is forbidden: "Remote Code Execution...
In-Reply-To: <47600358.3010909@FreeBSD.org>
Message-Id: <20071214164358.5D01A13C461@mx1.freebsd.org>

At 09:50 12/12/2007, Remko Lodder wrote:
>W. D. wrote:
>> At 02:01 12/12/2007, Remko Lodder wrote:
>>> W. D. wrote:
>>>> ...Vulnerability - CVE-2007-6015"
>>>>
>>>> http://www.freshports.org/net/samba3/
>>>>
>>>> ============================================================================
>>>> *samba3 3.0.26a_2,1* net
>>>>
>>>> FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015"
>>>> IGNORE: is forbidden: "Remote Code Execution Vulnerability - CVE-2007-6015"
>>>> ============================================================================
>>>>
>>>> ============================================================================
>>>> 11 Dec 2007 22:39:55
>>>> *3.0.26a_2,1* remko
>>>>
>>>> Make Samba forbidden till Timur had the time to upgrade this, because
>>>> samba appears to be vulnerable to remote code execution which could harm
>>>> our users.
>>>>
>>>> This will be removed after we have a safe version to which we can
>>>> upgrade.
>>>>
>>>> Hat: secteam
>>>> Discussed with and requested by: timur
>>>>
>>>> ============================================================================
>>>>
>>>> Dang! When will this be fixed?
>>>>
>>>>
>>> Soon, there are patches available, we just need to make sure that it
>>> doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN
>>> part.
>>>
>>> Best regards,
>>> Remko
>>
>> Hours? Days? Weeks?
>>
>
>The freebsd port will be up to date as soon as possible, there are fixes
>available already on the Samba websites..
>
>Best regards,
>remko

Well, it's been 2 days now. When will the code be updated in the
FreeBSD ports?

The version on the Samba website is 3.0.28. (http://www.Samba.org/)
Why is the FreeBSD ports version stuck at 3.0.26a_2,1?

If there are fixes available already on the Samba websites, why can't
they be integrated into the ports?

I need to get a fileserver going right away. I would like to use
Samba. Perhaps I should just load Windows on it?

It seems to me that leaving a port broken like this is very
"unprofessional". I would expect more from the folks maintaining
FreeBSD.

When is it going to be fixed? Does "soon" mean this century?
This year? When?

Start Here to Find It Fast!™ -> http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/